Migrate with Stork in GKE
Pairing with a GKE cluster requires the following additional steps because you also need to pass in your Google Cloud credentials which will be used to generate access tokens.
Create a service account
Use the guide from Google Cloud to generate a service-account key and save it as gcs-key.json. You can also create this using the following command:
gcloud iam service-accounts keys create gcs-key.json --iam-account <your_iam_account>
Create a Secret from the service-account key
On the source cluster, create a secret in kube-system namespace with the service account JSON file created in the previous step:
kubectl create secret generic --from-file=gcs-key.json -n kube-system gke-creds
secret/gke-creds created
Pass the Secret to Stork
The credentials created in the previous step need to be provided to Stork. When deployed through Portworx Operator, add the following to the stork
section of the StorageCluster spec:
stork:
enabled: true
volumes:
- name: gke-creds
mountPath: /root/.gke
readOnly: true
secret:
secretName: gke-creds
env:
- name: CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE
value: /root/.gke/gcs-key.json
Update ClusterRoleBinding
Create a clusterrolebinding
to give your account the cluster-admin role:
kubectl create clusterrolebinding stork-cluster-admin-binding --clusterrole=cluster-admin --user=<your_iam_account>